CVE-2008-2833

le.cms < 1.4 - Unauthenticated Arbitrary File Upload via admin/upload.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2833. PoCs published by t0pP8uZz.

AI-analyzed exploit summary This exploit leverages an arbitrary file upload vulnerability in LE.CMS <= 1.4 by bypassing authentication checks via manipulated form parameters. It uploads a local file to the target server's /cms/images/ directory with a randomized filename.

Description

admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by t0pP8uZz · perlwebappsphp

https://www.exploit-db.com/exploits/5887

View Code ZIP pw:eip

This exploit leverages an arbitrary file upload vulnerability in LE.CMS <= 1.4 by bypassing authentication checks via manipulated form parameters. It uploads a local file to the target server's /cms/images/ directory with a randomized filename.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: LE.CMS <= 1.4

No auth needed

Prerequisites: Target URL with vulnerable LE.CMS installation · Local file to upload

MITRE ATT&CK